Vulnerabilities > CVE-2006-6680 - Information Disclosure vulnerability in Chetcpasswd 2.2.1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

chetcpasswd

NVD

Published: 2006-12-21

Updated: 2008-09-05

Summary

Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.

Vulnerable Configurations

Part	Description	Count
Application	Chetcpasswd Chetcpasswd Chetcpasswd 2.2.1	1

References

http://sourceforge.net/project/shownotes.php?group_id=68912&release_id=466649